16 matches found
EUVD-2026-36094
Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration...
CVE-2026-50107
When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...
CVE-2026-50107 NGINX Gateway Fabric vulnerability
When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...
EUVD-2026-37792
When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition CRD access log format...
K000161611: NGINX Gateway Fabric vulnerability CVE-2026-11311
Security Advisory Description When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens...
CVE-2026-50564 Fission Environment CRD podspec passthrough enables hostPID/hostNetwork/privileged pods, node escape
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs fo...
Fission 安全漏洞
Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contain security vulnerabilities. These vulnerabilities arise from the exposure of spec.runtime.podSpec and spec.builder.podSpec in the Environment CRD during merging, without filterin...
CVE-2026-41174
A flaw was found in Traefik, an HTTP reverse proxy and load balancer. When the Kubernetes Custom Resource Definition CRD provider's allowCrossNamespace setting is false, Traefik incorrectly processes nested middleware references. An attacker with permissions to create or update Traefik CRDs in...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the createChainMiddleware function. Even when providers.kubernetesCRD.allowCrossNamespace=false is set, references in spec.chain.middlewares may be followed to access objects in other namespaces. A user with...
CVE-2025-29781 Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD
The Bare Metal Operator BMO implements a Kubernetes API for managing bare metal hosts in Metal3. Baremetal Operator enables users to load Secret from arbitrary namespaces upon deployment of the namespace scoped Custom Resource BMCEventSubscription. Prior to versions 0.8.1 and 0.9.1, an adversary...
Path Traversal
github.com/karmada-io/karmada is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths within custom resource definition CRD archives, allowing attackers to exploit a TarSlip vulnerability and write arbitrary files to arbitrary locations in the filesystem...
SUSE CVE-2024-25131
A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource CRD of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard...
GO-2024-3109 The Bare Metal Operator (BMO) can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator
The Bare Metal Operator BMO can expose particularly named secrets from other namespaces via BMH CRD in github.com/metal3-io/baremetal-operator...
Sensitive Information Disclosure
Rancher Manager is vulnerable to sensitive information disclosure. The vulnerability is due to Helm values being stored directly in the Apps Custom Resource Definition and leaking into audit logs when the audit level is set to 2 or above, allowing users with GET access to read sensitive informati...
OESA-2023-1414 kubernetes security update
Container cluster management. Security Fixes: Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are...
Privilege escalation
Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have CREATE permission for gateways.gateway.networking.k8s.io objects can escalate this privilege to create other resources that th...